CVE-2024-39592 — CVSS 7.7 (high): Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This…
CVE-2023-35870 — CVSS 6.3 (medium): When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker…
CVE-2026-24323 — CVSS 6.1 (medium): The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not…
CVE-2026-0505 — CVSS 6.1 (medium): The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This…
CVE-2024-37172 — CVSS 5.4 (medium): SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in…
CVE-2023-40625 — CVSS 5.4 (medium): S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an…
CVE-2026-23688 — CVSS 4.3 (medium): SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in…